PCI Compliance doesn’t like the Desktop Services Store

The Desktop Services Store (DS_Store) as you probably already know, is a file that stores some metadata about the files in a directory in the OS X. I’ve taken a look at them, they seem pretty harmless, but in the realm of PCI Compliance they are a medium risk because they can reveal the directory structure (which could very well be innocuous depending on the site). Like most of the PCI Compliancy challenges I’ve faced, it’s a pretty simple fix:


<Files "^.">
    Order deny,allow
    Deny from all


location ~ /.
    deny all

Note, the above examples will deny access to all hidden files (.htaccess, .DS_Store, et cetera)

Josh Sherman - The Man, The Myth, The Avatar

About Josh

Husband. Father. Pug dad. Musician. Founder of Holiday API, Head of Engineering and Emoji Specialist at Mailshake, and author of the best damn Lorem Ipsum Library for PHP.

If you found this article helpful, please consider buying me a coffee.